Changes between Version 10 and Version 11 of DirectoryAuthPlugin
Timestamp: Mar 22, 2015, 11:51:47 AM (9 years ago)
DirectoryAuthPlugin
v10 v11 1 1 [[PageOutline(2-5,Contents,pullout)]] 2 2 3 = Directory Auth Plugin 3 4 … … 6 7 The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from [http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] enabled service including [http://www.openldap.org OpenLdap], [http://en.wikipedia.org/wiki/Active_Directory ActiveDirectory] and [http://en.wikipedia.org/wiki/Apple_Open_Directory OpenDirectory]. 7 8 8 Users are authenticated by performing an ldap_bind against a directory using their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table.See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.9 Users are authenticated by performing an ldap_bind against a directory using their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why. 9 10 10 11 == Features 11 - Can use a service account to do lookups, or anonymous binding 12 - Can use SSL if openssl is configured correctly ( I am working on some documentation for this ) 13 - Configurable .. many options to deal with the differences between directories and schema 14 - Uses both memory and db based caching to improve performance 15 - Now supports LARGE directories '''Updated''' 16 - Searches Groups more efficiently using Member 17 - Recurses up the tree to find subgroups 18 - Can expand directory groups into the Trac namespace 12 13 - Can use a service account to do lookups, or anonymous binding. 14 - Can use SSL if openssl is configured correctly. 15 - Configurable .. 
many options to deal with the differences between directories and schema. 16 - Uses both memory and db based caching to improve performance. 17 - Now supports LARGE directories '''Updated'''. 18 - Searches Groups more efficiently using Member. 19 - Recurses up the tree to find subgroups. 20 - Can expand directory groups into the Trac namespace. 19 21 20 22 See: [DirectoryAuthPlugin/TheoryOfOperation TheoryOfOperation] … … 28 30 [http://trac-hacks.org/newticket?component=DirectoryAuthPlugin&owner=sandinak new ticket]. 29 31 32 [[TicketQuery(component=DirectoryAuthPlugin&group=type,format=progress)]] 33 30 34 == Download 31 35 … … 36 40 You can check out DirectoryAuthPlugin from [http://trac-hacks.org/svn/directoryauthplugin here] using Subversion, or [source:directoryauthplugin browse the source] with Trac. 37 41 38 == Install 42 == Installation 39 43 40 44 ==== Prerequisites 41 45 42 46 - You must install AccountManagerPlugin in order to use this plugin. 43 - Python-LDAP is also required and can be downloaded [http://pypi.python.org/pypi/python-ldap/ here]44 - for SSL, you will have to install and configure OpenSSL to work with valid certificates. ( you can test using ldapsearch -Z )47 - [pypi:python-ldap/ Python-LDAP] is also required. 48 - For SSL, you will have to install and configure OpenSSL to work with valid certificates. You can test using `ldapsearch -Z`. 45 49 46 ==== Installation 50 ==== Installation steps 47 51 48 Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins] 52 Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins]. 49 53 50 - starting with0.3, a database upgrade will be required as part of the installation.51 1. install the plugin and it's prerequisites52 1. update the database54 - Starting with v0.3, a database upgrade will be required as part of the installation. 55 1. Install the plugin and its prerequisites 56 1. 
Update the database: 53 57 {{{#!sh 54 58 trac-admin /var/trac/instance upgrade 55 59 }}} 56 1. restart the tracservice or your webserver.60 1. Restart the tracd service or your webserver. 57 61 58 See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples] 62 See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples]. 59 63 60 64 == Common Errors 61 - When using SSL, the server won't authenticate. Make sure you can use ldapsearch -Z with the same parameters from the same host, and resolve the issues there. A handy way to do that is use: 65 66 - When using SSL, the server won't authenticate. Make sure you can use `ldapsearch -Z` with the same parameters from the same host, and resolve the issues there. A handy way to do that is to use: 62 67 {{{ 63 68 joe@admin > ldapsearch -d8 -Z -x -b dc=base,dc=net -D binding@base.net -W -H ldaps://ldap.base.net -s one 'objectclass=person' … … 65 70 The {{{-d8}}} should show you TLS errors. 66 71 67 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268.This may happen when AD is running across multiple machines.72 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct, then try connect to Active Directory on port 3268. This may happen when AD is running across multiple machines. 68 73 69 74 == Recent Changes … … 74 79 75 80 '''Author:''' [wiki:pacopablo] [[BR]] 76 '''Maintainer:''' rjollos[[BR]]81 '''Maintainer:''' [[Maintainer]] [[BR]] 77 82 '''Contributors:''' sandinak
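Review bot: In the Features hunk, new line 14 removes the "( I am working on some documentation for this )" remark from the SSL bullet without pointing to the guidance that now exists elsewhere on the page. Suggest linking the bullet to the Prerequisites and Common Errors sections, which are the only places that describe how to test the SSL setup. New line 15 also still carries the stray ".." in "Configurable .. many options", and new line 17 puts the full stop after the '''Updated''' marker rather than after the sentence.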
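Review bot: In the Prerequisites bullet at new line 48, the suggested check `ldapsearch -Z` does not prove that TLS works: a single `-Z` only requests StartTLS and lets the search continue if the upgrade fails, so the test can pass over a cleartext connection. Suggest `ldapsearch -ZZ`, which requires StartTLS to succeed. The Common Errors example at new line 68 in the same hunk combines `-Z` with `-H ldaps://ldap.base.net`; these are two different ways of getting TLS, so the example should use either `ldaps://` without `-Z` or `ldap://` with `-ZZ`, matching whichever mode the plugin is configured for. Separately, the headings still jump from `== Installation` straight to `==== Prerequisites` and `==== Installation steps`, skipping a level.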
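Review bot: The rewritten OPERATIONS_ERROR bullet at new line 72 reads "then try connect to Active Directory on port 3268", which should be "try connecting to". The bullet also gives no indication of what listens on port 3268 or whether the SSL setup described in the previous bullet still applies on that port; a reader who follows it after configuring `ldaps://` may end up binding without TLS. Suggest stating which service the port belongs to and which port to use when SSL is required.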